
I bought a Dropcam when they were a new thing. When I realized they did literally everything via a cloud service and would be a brick without that service, I was furious. The incredible arrogance of a company making a webcam that sends your video to their servers, and provides no means to use the camera in a secure/local fashion, was astonishing to me.

I still can't believe something like Dropcam is such a huge success. The level of security awareness the general public has is terrifyingly small, and companies are taking advantage of it to produce brickable devices. It is the legal variant of ransomware...They can hold your data hostage for any reason and at any time. You're completely at their mercy, with regard to pricing and availability, and you have to trust they won't fall on hard times, or get tired of running the service.

This is the next front in the battle for electronic freedom, and lots of folks (even nerds) don't seem to realize it.




Counterpoint: I pre-ordered Dropcam for the reason that it was limited to cloud-use only. I wanted something dead simple to use so my wife / house sitter / etc. could easily move it as needed, we had access anywhere without configuration, and devops/IT being handled by someone else in case I'm not around. Classifying their cloud-only product design decision as "incredible arrogance" is quite a stretch... if anything, sounds like incredible ignorance on part of buyer?

To your point about it being a brickable device... I figured by the time the product was "bricked" (e.g. company going bust, product end-of-life, etc), that the hardware would be so out of date that it'd be time to replace it anyway.

With that said... after Nest acquired them, there's been no new meaningful features, no decrease in price, no new camera features, etc. I cancelled the "DVR" plan and will be finding an alternate system later this year.


"if anything, sounds like incredible ignorance on part of buyer?"

I read the box. It listed a bunch of cool features. I bought it.

Nowhere on the box did it say, "We will keep all of your video and there is no way for you to use this device without Dropcam.com acting as an intermediary." I'm sure if I'd read some reviews, it would have been more clear to me what I was buying. But, I've bought cameras in this category before (first one I bought was a Panasonic Petcam about a decade ago, which worked wonderfully for many years, and didn't have the ability to hold my data for ransom), and never had one of them be this...um...useless, without the service associated with it. My expectation as a consumer of these kinds of devices was not, at all, met by what Dropcam is.

So, yes, I was ignorant of how Dropcam worked; but that ignorance was fostered by omission of key information on the Dropcam packaging.

"With that said... after Nest acquired them, there's been no new meaningful features, no decrease in price, no new camera features, etc. I cancelled the "DVR" plan and will be finding an alternate system later this year."

So...we're agreed, then, that you are at their mercy. You just have a much more forgiving attitude about their practices than I do. I consider it unethical (particularly the misleading copy on their packaging, but the general case of a device being ransomware, as well). Obviously, I'm not in the majority, since Dropcam is well-reviewed, and well-liked by a lot of people. I can't make people care about privacy, security, device re-usability, longevity of devices, reducing e-waste, and being able to make my own decisions about how I can use my devices, but I do still care about those things. Ease of use does not require giving up consumer choice.


ah but you didn't read ALL of the 300 page EULA, and discuss with the lawyer its specific interpretations and possible outcomes, therefore this is really your fault you see...


"My expectation as a consumer of these kinds of devices was not, at all, met by what Dropcam is." "I consider it unethical (particularly the misleading copy on their packaging, but the general case of a device being ransomware, as well)"

Why didn't you just simply return the camera once you realized there was platform lock-in? Even after using Dropcam for significant time, the largest "investment" is the content captured during the "DVR" sliding window of 7 or 30 days--which you can export and manually download in chunks. How exactly was their product "ransomware"?

"I can't make people care about privacy, security"

FWIW, I care deeply about privacy/security, even more than some here. But how does privacy / security relate to the service lock-in? If anything, the alternate "open" model has proven to be far worse in terms of privacy and security. I used my Dropcam to monitor the exterior of my house, pointed outward from a window. I accepted the tradeoffs, accepting the potential risk of Dropcam being hacked or a rogue engineer/admin, but trusting that they understood that risk and the need for appearing to care. Now, there's currently no consumer device on the market that I'd trust to continuously capture video in all common rooms (e.g. not bath/bed) in my house--even if only streaming to an on-prem server. The only option I'm comfortable with is building my own cameras, where I have control over the os/security/patches of the cameras.

"So...we're agreed, then, that you are at their mercy."

Sure, I agree that when purchasing a paired device and service offering, that you're at the mercy of that company to continue offering said service. I fully understood what I was getting when I purchased the camera, and felt that their model was worth $149. Maybe the marketing copy has changed since launch, but I fail to see how they were "unethical" or that the device is "ransomware". To be clear, I'm referring to Dropcam in 2012, not Nest.


> I figured by the time the product was "bricked" (e.g. company going bust, product end-of-life, etc), that the hardware would be so out of date that it'd be time to replace it anyway

How "out of date" can a simple webcam get? Not to the point of it not still being useful I would think. And the decision of hardware still being useful/usable should be the user's choice, not the manufacturer.


Ubiquiti just came out with cameras and a DVR device (atom-based) to store the content with you: https://www.ubnt.com/unifi-video/unifi-nvr/


I've been looking at the Ubiquiti NVR for a bit as I like their wireless stuff but I'm not sure what cameras I'd want. The reviews of the newer micro cameras are crap and the new-new G3 ones they just announced aren't delivering til fall.


I went with a Xiaomi Yi for all those reasons - it's a quarter the price, and I doubt Xiaomi will be very inclined to share my data with the powers that be in the US (and their sharing it with the powers that be in the PRC is not likely to affect me). Of course, it's inherently absurd that these devices don't allow you to stream the video off of them yourself, it makes them e-waste in the making. Possibly someone will figure out a way to install friendlier firmware on them via the micro-sd card...


I did the same. I'm dubious that I'll buy another one, but even with the lack of new shinies, I'm happy with my dropcam purchase. If it shuts down tomorrow with no story for how I can switch it to my own servers, I'll be less happy. But I used it to replace a homebrew setup with a cheap IP cam and my own storage -- I willingly went with the cloud route knowing that it could be shut down on me, and the ~two years of completely hassle-free operation has been worth it. The homebrew version was mine, all mine, and it was a bloody headache.

I'd strongly prefer to buy from a company that promised open sourcing / releasing access keys if they sunset the product. In fact, I'll probably look for that on future purchases...


I cancelled the plan as well, but ended up getting charged at renewal time. The effort required on my part to fix that mistake was unacceptable (submitting screen shots of my Nest account details, required to send photo of the serial number on the camera, weeks of communication delays), and they STILL owe me some money, and have ignored further requests.


> arrogance of a company making a webcam that sends your video to their servers, and provides no means to use the camera in a secure/local fashion

I basically say the same thing about every 'smart home' device.

I would love to be able to query my thermostat to find out when and how long it turned the heat/AC on and whatnot, but I only want it to talk to my local wifi and devices. I don't want it to use a cloud service at all for anything ever.

I don't have that option, so I don't use them.


After the Dropcam fiasco, I wondered if there would be a market for secure smart devices with an open API. To me, it's an obvious benefit and one that I would buy (whereas I won't buy the cloud-based devices of this sort), but I suspect the ease of use of something like Dropcam trumps all of the other considerations. I even considered doing a Kickstarter to build something in that space; the technical side, both hardware and software, is actually very, very, simple these days. I mean, a thermostat is a temperature sensor, a clock, and some switches; the kind of thing electronics nerds put together when first learning. The smallest Arduino could more than handle the task (for the prototype, and a dedicated device could be manufactured in quantity very cheaply). Controlling switches and sensors in software is also very simple. Making a beautiful UI (which I think is a big part of the appeal of Nest, Dropcam, and the like) is more challenging, for me, but perhaps there's a UI/UX designer out there who has similar inclinations.

I never thought I'd want to be in the home automation business, or the web cam business, but this kind of thing is just so offensive to me, that whenever I think about it, I want to do something.


The problem with taking these things out of the cloud is that you're then a hardware provider rather than a service provider.

Your revenue would come from selling increasingly inexpensive hardware and/or trying to sell your software to run in a consumer environment where you have very little control.

Very few companies can make money that way. Smartthings is backed by Samsung (800 lb gorilla). They appear to be playing a long game now because they provide cloud-backed service (for free) and cheap hardware. The strategy will very clearly shift towards subscription service eventually, IMHO.


Perhaps a hybrid business model could be achieved by setting the hardware to talk to a central server of the user's choice. The server software would be open source and be manageable via a web interface, which is mobile-friendly. The company would simultaneously offer a cloud-based alternative for a monthly fee, so that the user could avoid having to set up his/her own server. As a third option, each device could be managed individually; this is likely most appropriate if the user only has a single device.

So long as the company does not go rogue and purposefully brick the devices, then the company could shut down and the devices could still be usable. Further, other companies could provide remote management services for these devices. Being IoT devices, though, would make them still susceptible to security issues, but at least being able to use them on a segregated network could limit that from happening.


I haven't tried it personally but I know a few people who think highly of SmartThings [1], which is a relatively open platform. I've also experimented with Raspberry Pis. However, to be honest, there are a fairly limited number of "smart" things I can do around my house which would be genuinely useful.

[1] http://developer.smartthings.com/


It is a neat platform. I use it myself.

HOWEVER.... it DOES rely upon Smartthings "in the cloud". Every interaction with sensors is mediated through the cloud and if something goes wrong on their side (and it does) mayhem ensues.

FWIW, the developer platform consists of writing groovy scripts in their web-based IDE. The code runs on their servers, not your devices.


It's not just Smartthings which betray users by collecting all your data. If you need documentation help with writing those Apache Groovy scripts, you might think going to the Apache website to look up Groovy would provide a safe browsing experience. But virtually every link there for Groovy redirects to groovy-lang.org. Look up the DNS name registry and you'll see your IP address isn't being collected by Apache, or even a business -- that domain name is owned by a single private individual without any business or non-profit affiliation. When it comes to business ethics, like attracts like.


That does look promising. It's kinda hard to tell how SmartThings all fits together with devices and what level of control consumers actually have, but, the word "open" appears a lot in their copy.


Moteino is pretty cool if you want to DIY: http://lowpowerlab.com/moteino/


Looking at the trends in computing, coffee makers, printers, routers etc., it kinda seems like a lost battle, doesn't it?


There are plenty of smart home devices that work without any form of internet connection. Have been for 20+ years, too.


There's "smart", as defined 20 years ago...which is timers, complex schedules, etc. And, then there's "smart" as we define it today, which is WiFi, browser or app-based UI, etc. I'm unaware of a Nest competitor that is not tied to the cloud-based service of the provider. I am not super attuned to the market, however. Things have likely (hopefully) changed since last I researched things like Nest a year or two ago.


Apple HomeKit works without cloud services. It is entirely local with your phone, Mac, iPad etc. directly interacting with the devices. I'm sure some of the individual devices from partners may leverage cloud services but I have yet to purchase a device that requires it. The only "cloud" aspect is if you want remote access to your devices an AppleTV can act as a proxy/gateway that lets you control your device from the internet rather than the local network. The eco-system is a hot mess at the moment but the basic design is well thought out.


Yes, I have a system with browser and mobile UI, based on zwave, 433mhz and modbus devices. The software I use is symcon, which has existed for 5 years at the least; but there is also e.g. openhab for those insisting on open source only. I optionally have internet integration too, but strictly optional.


I have only seen ones that allow you to program them (wake, leave, return, sleep) but wifi enabled for querying I have only seen ones that require a cloud account, even if you can also locally query them.


I hope there will be a trend where the computing power and storage goes from the cloud back to the customer's site. The internet should only be an addon for connectivity but not be needed for the device to work.

Good old PCs weren't so bad after all. You had all your data and software locally and could do whatever you wanted.


The good old days.. I remember ~2007 everyone making a big brouhaha about moving crap tons of stuff "to the cloud" and I felt so morally outraged that in this future I'd have no control over the uptime, accessibility, or core content based on my own actions - it'd be left up to someone else completely.

I think it was a couple years ago I finally stopped resisting and said "fuck it" - signed up for Spotify, shut the hodge podge of syncing/ home NAS solutions I was using and just got a Dropbox account.


See my other comment somewhere on this page. From my POV, Synology is in a really good place to pull this off. You can have one of their little boxes serve audio, video, keep your notes ala OneNote, all accessible remotely if need be. With just a liiiiiitle more, it could be your IoT hub.

Others outside Synology write stuff for those boxes, evidence that it's not locked down, so I suppose with enough hacking one could get a DropCam to work on a Synology box. But it would be a hell of a lot easier if Synology had a list of plug-and-play devices that they either build themselves or partner with another manufacturer. The latter is unlikely to happen, given the rent-seeking behavior we see out of manufacturers.


> I still can't believe something like Dropcam is such a huge success. The level of security awareness the general public has is terrifyingly small

I think you are totally misjudging this market. To the average person, a Dropcam is empirically far more secure in practice than many alternatives have proven to be. It's certainly what I'd recommend to a friend.

A few years ago, Foscam Wifi cameras were popular with parents. You could buy one for <$100 and they worked over wifi and had no service you had to buy. But then they were hacked by the thousands[1] with repeated major security issues over multiple years[2]. There were numerous news reports of parents finding strangers yelling obscenities at their babies in the middle of the night using the camera's talk-back function. This happened to multiple people I knew in real life.

This led to numerous articles like this one[3] telling parents to update passwords, disable UPnP, tweak router settings, update firmware, etc, to prevent future hacks. But to a parent whose baby was woken up in the middle of the night by a hacker, they are probably just going to throw the hacked camera in the trash.

By comparison, Dropcam is a totally integrated solution that requires no user-initiated updates, no network configuration and is backed by the reputation of Google. To the average parent that doesn't want to spend their life reading Foscam forums, that's a much more attractive solution and much less likely to get hacked due to not being updated or properly configured and secured.

Dropcam/Nest/Google produces a product that works really well right out of the box with almost zero configuration and is relatively secure. The non-cloud alternatives do not. Until someone offers a solution that "just works" like Dropcam, consumers will keep opting for the cloud-based solution.

Yes, it sucks for electronic freedom. But that's not the main feature that matters to the market.

[1] http://www.forbes.com/sites/kashmirhill/2013/08/13/how-a-cre...

[2] http://krebsonsecurity.com/2014/01/bug-exposes-ip-cameras-ba...

[3] http://www.brockthompson.com/blog/3-ways-protect-foscam-hack...


Totally agree.

I think there are a lot of people on HN who don't remember that just because they can easily set something up regular people can't do the same thing.

Of course having Dropbox/Dropcam simplicity comes with downsides but for regular consumers it's not a question between self hosting and cloud, it's between having something that can do this and not having it at all.


It seems like the complexity of getting around NAT/firewalls is likely to stymie a lot of potential users. Making a cloud service is a bad idea for all kinds of reasons, but it simplifies this important aspect of getting the device up and running.


Yes, that's absolutely an issue. And, it would even be OK, for me, to have that be the default, as long as they provide some other means of dealing with the device. WiFi isn't hard, at all. So give me a local web UI, and a way to store things locally or remotely using some standard protocol. That's dead simple to implement, and routers and printers have been doing it for a couple decades. Simply making the device usable without the cloud service would have been enough for me to not be so angry with Dropcam, and enough for me to feel like this is not a failure of ethics in the tech sector.

I've owned a number of devices in this category; the first was a Panasonic Petcam, which worked great for me, for many years. It had the ability to email me videos and photos, save to arbitrary FTP storage, etc. This was over a decade ago! If they could manage all that back then, why is it so difficult now, with networking tools being so much more advanced today?


There are plenty of cameras like what you're describing on the market today. Modern incarnations of the Panasonic Petcam. Search 'WiFi IP camera'. You just don't hear about them because they aren't hyped to high hell like Dropcam.


Yes, I've got a couple. I was sort of changing the subject to other home automation devices, without really being clear about that. Nest is clearly the market leader in the home automation category; at least for thermostats. I'm sure there must be others, but Nest is the only one I see at Home Depot and Lowes. I think they've executed on their plan remarkably well, so taking them on with something that is a much lower margin product (a hardware device that doesn't hold the consumer for ransom for the monthly bill) would be extremely difficult, I think. And, because they do so much of their thinking in the cloud, their devices can be dumber/cheaper. So, they win on two fronts, as long as consumers don't mind being fleeced in this way.

And, yeah, hype has a lot to do with it. How have products like Dropcam and Nest generated so much buzz? I guess people genuinely prefer them, and consider the user experience worth the price (both in terms of money and in terms of privacy and choice).


> I still can't believe something like Dropcam is such a huge success. The level of security awareness the general public has is terrifyingly small, and companies are taking advantage of it to produce brickable devices. It is the legal variant of ransomware...They can hold your data hostage for any reason and at any time. You're completely at their mercy, with regard to pricing and availability, and you have to trust they won't fall on hard times, or get tired of running the service.

That is the difference between tech professionals and the general public. We care, others don't. Make it work, make it just expensive enough folks will buy it to fix their problem while you clean up, profit.

If you want things to change, it'll only happen with regulation.


> We care, others don't.

That's not a justification to add data stealing features and obfuscated dependencies to a remote, probably short lived server.

We understand the nature of those features, others don't.


I'm not justifying it. I'm explaining why it plays out in the marketplace.


Ironically, I was at a presentation by a Chinese surveillance camera company and they were saying that they are moving their image recognition and processing to the device from the cloud because the bandwidth and centralized processing is not scalable enough. Just as a general engineering matter, the devices will get more smarts.


Every time I see a new security hardware startup I immediately look for what their products can do without a cloud service.

9/10 the answer is: absolutely nothing. In 2-3 years it'll be in a landfill, not because the hardware is obsolete, but because the firmware made it so. Landfills full of hubris.


> Landfills full of hubris.

Landfills full of unicorn poop.


This is why I have decided against the Dropcam/Nestcam. We currently use the (now end-of-lifed) Logitech Alert system. Each camera has its own storage and you can option to have that offloaded to a network device. The entire system functions without any dependency on their backend. For free you even get live streaming (which does depend on their backend). However, for something like only $80/yr you can also access the video stored on the cameras for playback. And that one fee gets you all the cameras in your network (where Dropcam charges more... and per camera). I guess Logitech could do it cheaper because their backend just connects you to your cameras so they don't have to handle the data storage/streaming. And even though they end-of-lifed it, they still work. I plan to use them until the wheels fall off. Was hoping to switch to Dropcams, until I researched them more to find out they are cloud-only.


Have you found an alternative product you prefer?


Welcome to your next fridge.


Yeah, I made some cheesy jokes about this on April Fools Day: http://thingmin.com



